Security

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

Are the printers going into sleep mode? Have you tested with one printer to disable sleep mode and test the next day if it's still available?

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

I didn't know there is an option to the printer to fo to sleep mode.

But even if it does. The only way is to disable sleep mode ?

Are the printers going into sleep mode? Have you tested with one printer to disable sleep mode and test the next day if it's still available?

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

It's just to establish if that's the issue as opposed to something wrong with Clearpass or the Switch. I think it's a common issue. 

I didn't know there is an option to the printer to fo to sleep mode.

But even if it does. The only way is to disable sleep mode ?

Are the printers going into sleep mode? Have you tested with one printer to disable sleep mode and test the next day if it's still available?

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

------------------------------
Best regards,
Alon Haber
------------------------------

This link will describe best what you are experiencing.

I have the same issue and for now I added to the switch port this command (ArubaOS) which seems to solve it.

aaa port-access controlled-direction in

although i still don't fully understand what downsides this command has.

Original Message:
Sent: Mar 27, 2023 03:54 AM
From: AH18
Subject: Printers with MAC-Auth disappears and lose connectivity

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

------------------------------
Best regards,
Alon Haber
------------------------------

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

Hi Alon,
what type of Switches do you use?

In case you use AOS (Procurve) you might want to check the logoff-period setting: i.e. aaa port-access authenticator 1 logoff-period 864000

In case you use AOS CX (Aruba CX) you might want to check client inactivity timout in the local access role settings

Kind regards

Martin

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?

Hi all,

I ran into the same problem with a Lexmark printer (Lexmark Firmware, Magazine = LW50.PR2.P544-0, Kernel = FW5.CY.F544-0, Base = LW50.PR2.P544-0, Network = NH5.CY.N543-0, Network Driver = LW50.PR2.P544-0, Engine = FDN.PIR.E618-0).
In the CX series switches no problem, in the procurve series switches, however, after about 10 minutes of inactivity the printer no longer responds.

This is the configuration:

aaa accounting update periodic 3
aaa accounting network start-stop radius
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication port-access eap-radius

aaa port-access authenticator 1

aaa port-access authenticator 1 client-limit 1

aaa port-access authenticator active

aaa port-access mac-based 1

aaa port-access mac-based 1 logoff-period 99999

Do you have any ideas?

With the CX switches and the printer itself the problem does not arise.

Thanks 

Hi Alon,
what type of Switches do you use?

In case you use AOS (Procurve) you might want to check the logoff-period setting: i.e. aaa port-access authenticator 1 logoff-period 864000

In case you use AOS CX (Aruba CX) you might want to check client inactivity timout in the local access role settings

Kind regards

Martin

Hi.

I am using MAC authentication for Printers in my organization.

My rule is: If the printer's MAC is known and another attribute I added manually to each printer: "Endpoint:Device-Type = Printer" exists, Then send some user-role (That is configured on the switch).

Things are working fine but after a day, some of the printers "disappear" and only shutting down the port and bringing it back, makes them get back.

Any ideas on how I can solve this issue?